## <summary>Policy for getty.</summary>

########################################
## <summary>
##	Execute gettys in the getty domain.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`getty_domtrans',`
	gen_require(`
		type getty_t, getty_exec_t;
	')

	corecmd_search_sbin($1)
	domain_auto_trans($1,getty_exec_t,getty_t)

	allow $1 getty_t:fd use;
	allow getty_t $1:fd use;
	allow getty_t $1:fifo_file rw_file_perms;
	allow getty_t $1:process sigchld;
')

########################################
## <summary>
##	Inherit and use getty file descriptors.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`getty_use_fd',`
	gen_require(`
		type getty_t;
	')

	allow $1 getty_t:fd use;
')

########################################
## <summary>
##	Allow process to read getty log file.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`getty_read_log',`
	gen_require(`
		type getty_log_t;
	')

	logging_search_logs($1)
	allow $1 getty_log_t:file { getattr read };
')

########################################
## <summary>
##	Allow process to read getty config file.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`getty_read_config',`
	gen_require(`
		type getty_etc_t;
	')

	files_search_etc($1)
	allow $1 getty_etc_t:file { getattr read };
')

########################################
## <summary>
##	Allow process to edit getty config file.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`getty_modify_config',`
	gen_require(`
		type getty_etc_t;
	')

	files_search_etc($1)
	allow $1 getty_etc_t:file rw_file_perms;
')